Thanks Rafael, that seems reasonable. Excellent ! Thx a lot.
On 1 March 2018 at 14:58, Rafael Weingärtner <rafaelweingart...@gmail.com> wrote: > Looking at the code, I see that the "domainSuffix" is not validated against > the certificate commons name. That is why everything works for you. The > "domainSuffix" is only used for logical stuff inside ACS. > > The global parameter is only used to generate the URL to access the > SSVM/console proxy, which is protected via SSL and use the certificate you > configured. So, as long as the commons name of the certificate matches the > global parameter you are good to go. > > On Thu, Mar 1, 2018 at 10:49 AM, Andrija Panic <andrija.pa...@gmail.com> > wrote: > > > anyone ? > > > > On 27 February 2018 at 14:32, Andrija Panic <andrija.pa...@gmail.com> > > wrote: > > > > > Hi all, > > > > > > I got confused about the domain fields/API parameter that is used when > > > uploading new SSL, to be used on CPVM and SSVM copy process (this is > > > domain_suffix in cloud.keystore table) > > > > > > Due to some automation, I came across the following scenarios, which > > WORKS > > > FINE, but I'm confused as how and why it works. > > > > > > New SSL that was issued for " *.domain1.com " was uploaded via API > (CA, > > > intermediate, server cert, and the key in pkcs8) - but doman specified > > > during this SSL upload process was " domain2.com " (so NOT matching > > > domain of the certificate) > > > > > > This causes the cloud.keystore table/rows to have this domain2.com in > > the > > > last column next to CA/intermediate/server/key... (this is > domain_suffix > > > column) > > > > > > But in global config we define " *.domain1.com " as the CERT to be > used > > > for CPVM and for securing/encrypting secondary storage copy process > > between > > > zones > > > Same SSL is also used to i.e. download templates etc... > > > > > > So it all works fine, but...how ?, when "domain1.com" (instead of "*. > > > domain2.com") was defined in uploadCertificate GUI/API - i.e. what is > > the > > > use of this domain_suffix field at all ? > > > > > > Thx, > > > > > > -- > > > > > > Andrija Panić > > > > > > > > > > > -- > > > > Andrija Panić > > > > > > -- > Rafael Weingärtner > -- Andrija Panić
